Valdis has identified some of the technical issues associated with using
POP3 in this way.
I have refuted all of Valdis's technical points so far.
Let me step back and look at your proposal from another
angle.
Yes I think that is productive to discuss the end game (outside of technical
issues).
From the standpoint of the bulk mailer/poster of material, there is no
advantage (and some disadvantages) of doing that posting so that interested
users can "pull" it relative to just posting the material on a web page
somewhere. Functionally, what you have proposed seems, to me, to be
roughly equivalent to:
* distributors of bulk materials are required to post them on
selected web sites.
It is an acceptable analogy, except I disagree that bulk posters of material
favor web post over POP post. I think they favor whatever their receiver
favors, by the law of supply and demand and economics. If receivers find it
more convenient to get a copy in their InBox, then that will be accommodated
(just as with mailing lists and archives now).
But in terms of the analogy, I will follow along...
* non-bulk materials may continue to go out via conventional
email.
Agreed.
Nice plan. The problem is that spammers won't play
Agreed.
and efforts to coerce
them into playing will largely fail due to international issues, lack of
adequate incentives, etc.... exactly the same problem we have today with
state laws prohibiting spam.
Here is where I *strongly* disagree.
Let me start with a story. The genesis for this proposal came from the fact
that our outgoing business email (not bulk but single emails sending a password
to a customer, etc) is being blacklisted by SPEWS (etc) because Rackspace (our
Host) allowed some other customers of theirs to send spam on the same C class
IP range as ours. SPEWS then blacklists the entire C class. Well SPEWS is
uncorrectable lately because they've been under DoS attacks (from spammers
presumably), thus caches of blacklists are used and nothing can be done except
for us to change our email IP address. So in discussing this with the AUP
manager and her boss at Rackspace, it became clear that Rackspace would never
be able to guarantee the quality of a C class range of IPs, because "Rackspace
can not determine what is legitimate bulk email and what is spam and thus can
not terminate new customers until a very heavy proof of spamming has already
occurred, by which time the damage to C class has already been done".
So the lesson learned was that if Rackspace could automatically detect high
quantities of bulk email in real-time, then with my proposed architectural
change, Rackspace could in real-time shut off the spammer.
Okay so that is one example of how the architectural paradigm changes the rules
and allows more effective actions against spammers.
Now take for example legislative combined with ISP. For right now, spammers
are avoiding open relays and many foreign IPs because of blacklists, so they
get a dialup account and send from there. Well if there was a law requiring
USA ISPs to detect and shut these off in real-time, then spammers would need to
revert back to open relays and foreign IPs which are effectively dealt with
using blacklists. Then blacklists would not have to be so draconian with IP C
ranges in countries with strict enforcement, which would make the blacklists
more effective and useable.
Then take anti-spam software like the DCC, BrightMail, or even our
AntiViotic.com. If we know all bulk is bad, the game gets simpler because no
whitelist needed. Since whitelists are data that is forgeable by spammers, this
closes another hole. Not to mention that whitelists make current anti-spam less
useable and realistic on wide scale.
I could go on... but I hope you begin to see how everything to fight spam
depends circularly on the ability to architecturally define it.
If you can't measure it, you can't do anything about it. That is a
fundamental datum of science.
More generally, you have just defined an "opt in" model that assumes that
anyone who has not explicitly opted to receive particular messages will be
able to get them (or be sent them) only by some overt action on the
would-be recipient's part.
That is the definition of opt-in.
We know from experience that such a model won't
work without significant legal pressure and enforcement -- if you don't
believe me, sample any reasonable quantity of spam for messages that claim,
quite strongly, that, if you hadn't opted in, you wouldn't be receiving it.
What you are saying IMO, is that you can't force bulk emailers or spammers to
use opt-in. That has been because you can't measure the spam (UBE) from the
legitimate.
It is a chicken and egg problem. Once you have the egg (the architectural
metric), then it is reasonable to make the chicken. So comparing to before you had
the egg is not necessarily illustrative.
Sorry, but no cigar.
I am smoking it (figuratively) right now :)
Thanks for getting to the crux of the matter and allowing me to make it clear.
Shelby Moore
http://AntiViotic.com